9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83e

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
Size

38KB
MD5

e46b1f3ebc677975e1ab38bd4129f2f0
SHA1

000d1cbcb0604b519f811c4512dea6b28286e3db
SHA256

9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83e
SHA512

47208d4ebf1bd25d789d398b90dcea447b156ca26555a3c20b84ba09d8ddc29f9b8aba7319b8f4a2429128358f45dfaf617a862ff8c42674f245d96357b843a7
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F1f:W7ZppApBULcfpHLcfpSo3fR

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3460) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_duplicate_plugin.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Windows Defender\MpAsDesc.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglinterop_dxva2_plugin.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\README.txt.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\vlc.mo.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe

C:\Users\Admin\AppData\Local\Temp\9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe
"C:\Users\Admin\AppData\Local\Temp\9a2d548d1d927a1661869894b8f3f995d2dc9712e5a73fd3a23c7a355a45e83eN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
39KB

MD5
b34d57d8eb6bbc34b3f8eebbd79f1f90

SHA1
1feedb6cbcd9510e6998c0faff1a613251ccd569

SHA256
dba7010ce3a799adf59c46e5148aa12c55535310e86c46c5d142c08e0fbb38a7

SHA512
f61f880bad7d23835d21b310de575336c728f838c935b4ffe00c7ccc56dcd56cfdc10483dfd2849e86d75df5ad1b38a9d914269b61981431af29b4572e5c8c84

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
48KB

MD5
a74298c2ad6570a21fdb1fcd3f05ba2e

SHA1
5bf19ff9c8d310a1ec7e32b91e419662567b8936

SHA256
d936a370b643d3a09f36d83517a42b06cbd3b9fd64ea54560070a1bc59441a6d

SHA512
fcefca830a6c81735fe5d6cccebd68466f1d128f06d718c9006966f1a79ce1d6897b434d38a041e9340519bc426828b5ad8c1ca0cc25f9a282dbe52919c48ae1

Download Submit